emotet

General

Target

2e0fc4e865b9808ca81b5580652d2d8458b21f3b885cf769d187c9d5900d7ef5
Size

509KB
Sample

241120-xs32msscpr
MD5

1cec6568631ff2c844364c6215dcfa34
SHA1

44c600d8ec9ef49aee0bf293cb540bfda36748ed
SHA256

2e0fc4e865b9808ca81b5580652d2d8458b21f3b885cf769d187c9d5900d7ef5
SHA512

739377e446136dbcb6aafbd599e3ee6e60f3a9dca063c0c0e322ee0f1fc88e543aace372df1bc4d8c4dece2b6a430ccf089a949b44bcb2b3686c2d54da563a3c
SSDEEP

12288:dGzPU7pHSr5wN7c7H/o1s7FwqDmf8l0RoDpI2+4lVR0:aU7qMo7gRqKf8lyoDhR0

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

27.254.174.84:8080

61.7.231.229:443

168.197.250.14:80

59.148.253.194:443

195.154.146.35:443

159.69.237.188:443

139.196.72.155:8080

185.148.168.220:8080

191.252.103.16:80

54.38.242.185:443

185.184.25.78:8080

54.37.228.122:443

45.71.195.104:8080

185.148.168.15:8080

54.37.106.167:8080

103.41.204.169:8080

198.199.98.78:8080

61.7.231.226:443

210.57.209.142:8080

190.90.233.66:443

eck1.plain

ecs1.plain

Targets

- Target
  
  2e0fc4e865b9808ca81b5580652d2d8458b21f3b885cf769d187c9d5900d7ef5
- Size
  
  509KB
- MD5
  
  1cec6568631ff2c844364c6215dcfa34
- SHA1
  
  44c600d8ec9ef49aee0bf293cb540bfda36748ed
- SHA256
  
  2e0fc4e865b9808ca81b5580652d2d8458b21f3b885cf769d187c9d5900d7ef5
- SHA512
  
  739377e446136dbcb6aafbd599e3ee6e60f3a9dca063c0c0e322ee0f1fc88e543aace372df1bc4d8c4dece2b6a430ccf089a949b44bcb2b3686c2d54da563a3c
- SSDEEP
  
  12288:dGzPU7pHSr5wN7c7H/o1s7FwqDmf8l0RoDpI2+4lVR0:aU7qMo7gRqKf8lyoDhR0
Score

1^/10
behavioral1 behavioral2
- Target
  
  743b326837476d30964895f816eb2d934ff0158dfad0c6cc8566d2e7e85c10dc
- Size
  
  1.1MB
- MD5
  
  fe993e694cc971448e5aa7793130cb5a
- SHA1
  
  67eb45de81d218f0c2d344b2e4f1e31a0e59b8ef
- SHA256
  
  743b326837476d30964895f816eb2d934ff0158dfad0c6cc8566d2e7e85c10dc
- SHA512
  
  e0afc67489df47b221d04896394b617a74658d68ec8d70317068359bc8edac80e89990f016ea6500f37c905d405410fa5867e5fd48ddfb5f76b9aeb32d2d8d30
- SSDEEP
  
  12288:s/9RP8f5TiefonhbF3wleXx7xXhP7/rTewZ0SwA58l01oDpI2+Mlgn:y9RP4onnYon7/rTeKLz58lcoDhq
Score

10^/10

emotet epoch5 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Loads dropped DLL
- Drops file in System32 directory
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4